CVE-2026-3027 | erzhongxmu JEEWMS up to 3.7 UEditor getContent.jsp myEditor cross site scripting

Inserito da Angelo Barbosa | Feb 23, 2026 | CVE

A vulnerability classified as problematic was found in erzhongxmu JEEWMS up to 3.7. This affects an unknown part of the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp of the component UEditor. The manipulation of the argument myEditor results in cross site scripting.

This vulnerability is reported as CVE-2026-3027. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3027 | erzhongxmu JEEWMS up to 3.7 UEditor getContent.jsp myEditor cross site scripting

Post correlati

CVE-2024-46948 | Northern.tech Mender up to 3.6.4/3.7.4 access control

CVE-2023-49448 | JFinalCMS 5.0.0 admin/nav/delete cross-site request forgery

CVE-2025-0441 | Google Chrome up to 131.0.6778.264 Fenced Frames information disclosure

CVE-2025-52534 | AMD EPYC 9005 Processors Guest improper validation of specified quantity in input